CVE Catalog

CVE-2025-31978

MediumCVSS 4.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

3th percentile - higher than 3% of all known CVEs

Summary

HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software.

Risk Assessment

The risk involves potential exfiltration of sensitive organizational data or execution of unauthorized actions on user workstations if a malicious CSV file is opened in spreadsheet software without proper safeguards.

Recommendation

It is recommended to immediately update HCL BigFix Service Management to the latest patched version and enforce policies that block automatic execution of macros in spreadsheet applications.

Original NVD description (English source)

HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software. Note that current versions of Excel warn users of untrusted content.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS